/usr/share/doc/libmyproxy-dev/extras/myproxy-certreq-checker is in libmyproxy-doc 6.0-3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | #!/bin/sh
# example certificate_request_checker script
# pull certreq from stdin to shell variable
certreq=`openssl req -text`
# check for blacklisted Debian keys
blacklist=`ls /usr/local/openssl-blacklist/blacklist.RSA-*`
tag=`echo "$certreq" | \
openssl req -noout -modulus|sha1sum|cut -d ' ' -f 1|cut -c21-41`
if [ `cat $blacklist | grep -c $tag` -ne 0 ]; then
echo "known weak Debian key in certificate request" 1>&2
exit 1
fi
# check for weak exponents
exponent=`echo "$certreq" | \
openssl req -noout -pubkey | \
openssl rsa -pubin -text -noout | \
grep Exponent | awk '{print $2}'`
if [ "$exponent" -lt 65537 ]; then
echo "weak exponent ($exponent < 65537) in certificate request" 1>&2
exit 1
fi
# all done
exit 0
|